Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more

Browse Source 
Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com>
This commit is contained in:
Qazeer
2022-08-13 09:23:48 -07:00
parent 2e037a379b
commit 48a75a7029
91 changed files with 10503 additions and 4414 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/Includes/Firewalling.h
+37
View File
@@ -0,0 +1,37 @@
/*
--- Firewall rules to block EDR products from the network (inboud / outbound connections).
*/
#pragma once
#include <Windows.h>
#include <Dbghelp.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <Tchar.h>
#include "FirewallOps.h"
#include "IsEDRChecks.h"
#include "IsElevatedProcess.h"
// Singly-linked list used to hold the paths of binaries executed by EDRs (processes / services).
typedef struct sFwBinaryRules_ {
TCHAR* binaryPath;
TCHAR* ruleInboundName;
TCHAR* ruleOutboundName;
struct sFwBinaryRules_* next;
} fwBinaryRules;
typedef struct fwBlockingRulesList_ {
fwBinaryRules* first;
}fwBlockingRulesList;
void FirewallPrintManualDeletion(fwBlockingRulesList* fwEntries);
HRESULT FirewallBlockEDR(fwBlockingRulesList* fwEntries);
HRESULT FirewallUnblockEDR(fwBlockingRulesList* fwEntries);
void fwList_insertSorted(fwBlockingRulesList* fwEntries, fwBinaryRules* newFWEntry);